Friday, August 22, 2014

Comments on CSE commissioner's report II

Some additional comments on aspects of the CSE commissioner's 2013-14 report, which was released by the Office of the CSE Commissioner (OCSEC) on August 20th (initial comments here):

I'm vigorous, dammit!

One of the things that leaps out about this year's report is how defensive CSE commissioners are getting about all the criticisms that have been leveled in recent years concerning their effectiveness as watchdogs.

In this, my first annual report, I want to set the record straight on what the Office of the CSE Commissioner does, how we do it and the way we develop reports.... I want to reassure Canadians, especially those who are skeptical about the effectiveness of review of intelligence agencies, that I am scrupulously investigating those CSEC activities that present the greatest risks to compliance with the law and to privacy. Rest assured that I will do so with the requisite vigour and all the powers of the Inquiries Act necessary to arrive at comprehensive conclusions. I will make public as much information as possible about these investigations, their resulting conclusions and any recommendations. Transparency is important to maintain public trust.

Let's give the commissioners and OCSEC their due. A lot of the criticisms that have been made in recent years have been off-base or exaggerated. It is clear that successive CSE commissioners and their staff have worked hard to inculcate a culture of legal compliance at CSEC and to develop and implement systems to monitor and measure that compliance—and that those efforts have brought significant improvements to the way CSEC does business. Canadians are much better off, I think, for having had OCSEC watching over CSEC.

But that is not to say that there haven't been any problems or weaknesses in the way OCSEC operates, including, for example, an apparent unwillingness to pull the trigger on compliance judgements, an inability to say almost anything comprehensible in annual reports (although this is gradually improving), a mandate excessively focused on compliance with the law, and an unwillingness or inability to use the insider knowledge that only commissioners and OCSEC have to advocate for changes to those laws to ensure that privacy protections keep up with the rapidly changing world of technology.

Read Wesley Wark's excellent commentary here for a reasoned critique of the performance of the office.

Where's the hammer?

For all of the useful work that OCSEC does, the minister responsible for CSEC cares about only one thing when he stands up in the House of Commons to respond to some concern about CSEC. And that is whether or not he can say that for the xth year in a row, the CSE commissioner has declared that all of CSEC's activities were in compliance with the law.

This year the commissioner has once again graciously provided the money quote:

Each year, I provide an overall statement on my findings about the lawfulness of CSEC activities. All of the activities of CSEC reviewed in 2013–2014 complied with the law.

With that on the record, the government can happily go back to ignoring the commissioner on things like the amendments to the National Defence Act that commissioners have been calling for since shortly after 2001 and which were actually promised by the government as long ago as 2007. (More here and here.)

It's about time commissioners stopped making that statement.

I'm not saying they should declare something in breach of the law if they don't believe there has been a breach. And there's probably some wisdom in talking things through behind the scenes in order get problems solved, as OCSEC clearly prefers to do, rather than pulling out the hammer and turning everything into a no-holds-barred confrontation at the first opportunity.

But let's be clear here. Every single CSE commissioner who has ever held the office (with the possible exception of Peter Cory, who held the job for such a short time he may not have formed an opinion on the question) has concluded that the Ministerial Authorization (MA) procedure that CSEC uses in order to enable it to legally intercept private communications is not supported by the law as it is written. No one is accusing CSEC of intentional law-breaking in this respect; it is the position of the Department of Justice, CSEC's legal advisor, that the current MAs do comply with the law, and there is every reason to believe that the government intended for the law passed in 2001 to make the current procedures legal.

But you're supposed to obey the laws you have, not the laws you wanted to have, so what the law actually says matters.

The government has had plenty of time to respond to the commissioners' warnings, either by passing amendments or by referring the question to the courts for a definitive interpretation.

It is time for the commissioner to pick up the hammer.

Imagine the reaction in Ottawa if this year's report, instead of providing the minister's money quote, declared that CSEC did not comply with the law in 2013-14, and that in the view of successive commissioners it had not been in compliance since 2001.

I think pandemonium wouldn't be too strong a word.

I can see why commissioners would be reluctant to bring the hammer down quite that hard, as it would amount to a call to shut down a large part of CSEC's operations—at least until amendments could be passed.

But even a statement that the commissioner is unable to affirm that CSEC's activities comply with the law would make the government sit up and take notice.

If Mr. Plouffe wants the government, and the public, to take OCSEC seriously, he should at least pick up the hammer.

The tepid statement in the current report is unlikely to do the trick:

Since the enactment of Part V.1 of the National Defence Act in December 2001, all CSE Commissioners have voiced concerns that certain fundamental provisions in the legislation lack clarity. In 2007, the government committed to amending the legislation to clarify these ambiguities. It is hoped that this can be resolved in the near future.

Supernumerary no more

The original CSE commissioner, Claude Bisson, did not believe that supernumerary judges should serve as commissioner, although the law establishing the job does permit it. (Background explanation here.)

The current commissioner was the only supernumerary ever appointed to the job. But this year's report confirms that he has now retired as a judge, so the question is for the moment again moot.

The Mosley imbroglio

The commissioner's report has disappointingly little to say about the CSIS 30-08 warrants blowout.

No discussion of the legality of CSEC asking Five Eyes partners to monitor Canadians on the basis of warrants that, it turns out, did not authorize Five Eyes involvement.

No discussion of the legality of the actions of senior CSEC official James D. Abbott, who admitted to Justice Mosley that his 2009 testimony was "crafted" to avoid mentioning to the court that Five Eyes assistance would be sought.

Why no comment on these issues?

It's ba-a-a-ack!

Earlier this year I noted that back in 2009 and 2010 the CSE commissioner had promised to conduct a review on the very interesting topic of CSEC assistance to CSIS with respect to s.16 of the CSIS Act, but that the review had never appeared.

Well, it's back (at least, the promise is):

The results of several reviews currently under way are expected to be reported to the Minister of National Defence in the coming year and included in my 2014–2015 annual report. The subjects of these reviews include:... a review of CSEC assistance to CSIS under part (c) of CSEC’s mandate and sections 16 and 21 of the CSIS Act.

I expect [redacted] will be [redacted] and [redacted] on that [redacted]. [Redacted]. But it could still be [redacted].

Looking forward to it.

More comments to come on other elements of the report, but that's it for now...